From cc2712502c9266eaa4594c3d8b454ef9364afe49 Mon Sep 17 00:00:00 2001 From: David Baumwald Date: Sat, 12 Mar 2022 00:27:25 +0000 Subject: [PATCH] Formatting: Use `safecss_filter_attr` in `wp_get_layout_style()`. Previously, `safecss_filter_attr` did not allow for `calc` and `var` in parsed CSS. Because of this, `wp_strip_all_tags` was used in `wp_get_layout_style` to allow for the use of these CSS functions to account for responsive widths. [50923] added support for both of these CSS functions in KSES, so `safecss_filter_attr` can now be used in `wp_get_layout_style` as originally intended. Follow-up to [52069]. Props grapplerulrich. Fixes #55356. git-svn-id: https://develop.svn.wordpress.org/trunk@52924 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/block-supports/layout.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/wp-includes/block-supports/layout.php b/src/wp-includes/block-supports/layout.php index 65e5910dec..e57d56c5dd 100644 --- a/src/wp-includes/block-supports/layout.php +++ b/src/wp-includes/block-supports/layout.php @@ -54,9 +54,8 @@ function wp_get_layout_style( $selector, $layout, $has_block_gap_support = false $wide_max_width_value = $wide_size ? $wide_size : $content_size; // Make sure there is a single CSS rule, and all tags are stripped for security. - // TODO: Use `safecss_filter_attr` instead - once https://core.trac.wordpress.org/ticket/46197 is patched. - $all_max_width_value = wp_strip_all_tags( explode( ';', $all_max_width_value )[0] ); - $wide_max_width_value = wp_strip_all_tags( explode( ';', $wide_max_width_value )[0] ); + $all_max_width_value = safecss_filter_attr( explode( ';', $all_max_width_value )[0] ); + $wide_max_width_value = safecss_filter_attr( explode( ';', $wide_max_width_value )[0] ); $style = ''; if ( $content_size || $wide_size ) {